56322

move_uploaded_file not working after preview page

Question:

I'm submitting a form to a preview page(form) and then a final submit. I'm having trouble getting move_uploaded_file to work. How do i solve this? when i check the directory there is no file there.

preview page

$tmpname = $_FILES['titleimage']['tmp_name']; $imagefile = $_FILES['titleimage']['name']; $filename = basename($imagefile); $imagename = dirname(__FILE__).'/avatar/'.$filename; echo "<form enctype='multipart/form-data' id='submitpreview' action='/upload' method='POST'> <input type='hidden' name='image' value='$tmpname' readonly /> <input type='hidden' name='imagedir' value='$imagename' readonly />"; //other code echo "<div id='preview-submit-button'><a>Submit</a></div> </form>";

upload page

$image = $_POST['image']; $directory = $_POST['imagedir']; move_uploaded_file($image,$directory);

Answer1:

Are you sure the temporary file $_FILES['titleimage']['tmp_name'] is still there after you submit the second form? Remember, it's a temporary file. I'm afraid it <em>lives</em> only for the time the first form is submitted (just until request is processed).

So, you should:

<ol><li>

As soon as possible (that means, in the page that receive the first form, your preview page in fact) you save the temporary file in a folder of yours using <strong><a href="http://php.net/manual/en/function.move-uploaded-file.php" rel="nofollow">move_uploaded_file()</a></strong>.

</li> <li>

If the user <strong>confirms</strong> the preview, you move the file from the directory where you saved it in step <em>1</em> to its <em>definitive</em> folder, using the <strong><a href="http://php.net/manual/en/function.rename.php" rel="nofollow">rename()</a></strong> function.

</li> <li>

If user <strong>does not confirm</strong> the preview, you delete it using <strong><a href="http://php.net/manual/en/function.unlink.php" rel="nofollow">unlink()</a></strong> function.

</li> </ol><hr />

Additionaly, as <strong>Marc B</strong> pointed out, you should have a look to the security of your <em>preview-save</em> logic. Passing paths and filenames in hidden form field is a very good way to help hackers break your system. Have a look at <strong><a href="http://it.php.net/manual/en/book.session.php" rel="nofollow">PHP Sessions</a></strong> (maybe you already know), and consider moving that paths from the public form to a session variable.

Recommend

  • Whats wrong with this SQLCe Query?
  • visualizing RDF query result
  • Post binary data cross domain in javascript
  • StackExchange API - Deserialize Date in JSON Response
  • InputStream closed in Apache FileUpload API
  • How to update the UI immediately when a new record is added? Related to ember-cli-pagination
  • Can't send file with ajax to php file
  • PHP - sending email with attachment does not show message content
  • What is the likely cause of a net::ERR_CONNECTION_ABORTED when uploading a file to Spring
  • Form tag not showing up in haml file
  • Bootstrap (v3.3.4) glyphicons not displayed in IE when refresh page (F5)
  • perl, mysql - fasting way to upload a csv file into mysql?
  • Implementing “partial void” in VB
  • Sending HTML Form Data to Spring REST Web Service
  • Stop Bash Script if Hive Fails
  • How to add git credentials to the build so it would be able to be used within a shell code?
  • How to handle images sent by a mobile device?
  • azure media services - The request body is too large and exceeds the maximum permissible limit
  • Read a local file using javascript
  • Trying to switch camera back to front but getting exception
  • what is the difference between the asp.net mvc application and asp.net web application
  • Display Images one by one with next and previous functionality
  • Upload files with Ajax and Jquery
  • How to delete a row from a dynamic generate table using jquery?
  • json Serialization in asp
  • Rails 2: use form_for to build a form covering multiple objects of the same class
  • Proper way to use connect-multiparty with express.js?
  • Free memory of cv::Mat loaded using FileStorage API
  • Angular 2 constructor injection vs direct access
  • coudnt use logback because of log4j
  • embed rChart in Markdown
  • How to stop GridView from loading again when I press back button?
  • Programmatically clearing map cache
  • How to get NHibernate ISession to cache entity not retrieved by primary key
  • costura.fody for a dll that references another dll
  • Observable and ngFor in Angular 2
  • How can I use `wmic` in a Windows PE script?
  • UserPrincipal.Current returns apppool on IIS
  • Unable to use reactive element in my shiny app
  • java string with new operator and a literal